ADO SQL strings automation

I was working on a old vb6 program, and was trying to optimize the speed.

In this old program many Sql strings was obtained by concatenating strings, exposing the program at an heavy risk from the point of view of Sql injection; and using parameterized calls the sql engine is able to construct an execution plan.

The list of fields was easily obtained with SQL Management Studio (and converted on a single line with Notepad++) , but there were tables with many fields , and the generation of a sequence of “?” with a “,” as separator , in a number equal to the number of fields was a nightmare.

But i thinked: i’m a programmer … So with a regular expression i have instantly generated the list of “?”

My expression was:

[\[\w\]]+

Because my field list is generated from SQL management studio surrounded with brackets [] .